From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753134AbbGNNmO (ORCPT <rfc822;w@1wt.eu>);
	Tue, 14 Jul 2015 09:42:14 -0400
Received: from Chamillionaire.breakpoint.cc ([80.244.247.6]:49551 "EHLO
	Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1752486AbbGNNmM (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 14 Jul 2015 09:42:12 -0400
Date: Tue, 14 Jul 2015 15:42:03 +0200
From: Florian Westphal <fw@strlen.de>
To: Michal Kubecek <mkubecek@suse.cz>
Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
        linux-api@vger.kernel.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>,
        Patrick McHardy <kaber@trash.net>,
        Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
        "David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH nf-next] netfilter: nf_ct_sctp: minimal multihoming
 support
Message-ID: <20150714134203.GG25674@breakpoint.cc>
References: <20150714122311.8DA8EA0C9A@unicorn.suse.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150714122311.8DA8EA0C9A@unicorn.suse.cz>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Michal Kubecek <mkubecek@suse.cz> wrote:
> +	case SCTP_CID_HEARTBEAT:
> +		pr_debug("SCTP_CID_HEARTBEAT");
> +		i = 9;
> +		break;
> +	case SCTP_CID_HEARTBEAT_ACK:
> +		pr_debug("SCTP_CID_HEARTBEAT_ACK");
> +		i = 10;
> +		break;
>  	default:
>  		/* Other chunks like DATA, SACK, HEARTBEAT and
>  		its ACK do not cause a change in state */
> @@ -329,6 +351,8 @@ static int sctp_packet(struct nf_conn *ct,
>  	    !test_bit(SCTP_CID_COOKIE_ECHO, map) &&
>  	    !test_bit(SCTP_CID_ABORT, map) &&
>  	    !test_bit(SCTP_CID_SHUTDOWN_ACK, map) &&
> +	    !test_bit(SCTP_CID_HEARTBEAT, map) &&
> +	    !test_bit(SCTP_CID_HEARTBEAT_ACK, map) &&
>  	    sh->vtag != ct->proto.sctp.vtag[dir]) {
>  		pr_debug("Verification tag check failed\n");
>  		goto out;
> @@ -357,6 +381,16 @@ static int sctp_packet(struct nf_conn *ct,
>  			/* Sec 8.5.1 (D) */
>  			if (sh->vtag != ct->proto.sctp.vtag[dir])
>  				goto out_unlock;
> +		} else if (sch->type == SCTP_CID_HEARTBEAT ||
> +			   sch->type == SCTP_CID_HEARTBEAT_ACK) {
> +			if (ct->proto.sctp.vtag[dir] == 0) {
> +				pr_debug("Setting vtag %x for dir %d\n",
> +					 sh->vtag, dir);
> +				ct->proto.sctp.vtag[dir] = sh->vtag;

Could you please elaborate on the [dir] == 0 test?

I see this might happen for SCTP_CID_HEARTBEAT_ACK, but why is this
needed for SCTP_CID_HEARTBEAT ?

We found a conntrack entry so shouldn't the vtag[dir] already be > 0?